Key Themes in Southeast Asia’s 2024 Cybersecurity: Passwordless, Digital Identity, AI

Southeast Asia is home to some of the largest and fastest-growing digital economies in the world. According to research by Google, Bain, and Temasek, the region’s collective digital economy remains on track to deliver US$100 billion in revenue by the end of 2023 despite global macroeconomic headwinds – an increase of eight times over the past eight years. This rapid pace of digitalization is set to continue, being a central pillar of the national agenda in key Southeast Asian economies such as Singapore, whose digital economy represented nearly 20% of its GDP in 2022.

However, this flight to digital has also attracted the attention of cybercriminals, with Southeast Asia becoming a hotspot for cyberattacks. Nearly a third (28%) of Southeast Asian companies surveyed by PwC have seen the threat of cyberattacks rise significantly in line with the increased digitalization of their operations.

In a digital-first era where sensitive personal and corporate data increasingly reside online, a robust focus on cybersecurity is no longer a consideration, but a mission-critical imperative for Southeast Asia’s businesses. Experts from Ping Identity, a leading provider of seamless and secure digital experiences, weigh in on some of the key trends set to shape Southeast Asia’s cybersecurity landscape that business decision-makers in the region will need to be aware of as we enter 2024.

Identity at the Core of Trust and Security in a Digital-first Economy
With the increasing adoption of digital goods and services, digital identity is quickly becoming the foundation for customer satisfaction. A McKinsey study found that 53% of global consumers make online purchases or use digital services only after making sure that the company has a reputation for protecting its customers’ data.

According to Andre Durand, CEO and founder, Ping Identity: “Identity has always been a gatekeeper of authenticity and security, but over the past few years, it’s become even more central and more critical to securing everything and everyone in an increasingly distributed world.

As identity assumes the mantle of ‘the new perimeter’, and as companies seek to centralize their management, fraud has shifted its focus to penetrating our identity systems and controls at every step in the identity lifecycle, from new account registration to authentication.

2024 is a year when companies need to get very serious about protecting their identity infrastructure, and AI will fuel this imperative. Welcome to the year of verifying more, trustless, when ‘authenticated’ becomes the new ‘authentic.’ Moving forward, all unauthenticated channels will become untrustworthy by default as organizations bolster security on the identity infrastructure.”

Passwordless Takes Centre Stage as Need for Simple, Secure Experiences Heightens
In today’s technological landscape, keeping up with passwords is a common headache among consumers. Many end up reusing passwords, raising the risks of identity theft or data breaches across multiple logins if credentials are compromised.

According to Peter Barker, CPO, Ping Identity: “Traditional passwords leave organizations susceptible to data breaches while leaving users – both employees and consumers – craving more simple, secure digital experiences, especially given the proliferation of AI. In fact, a recent study found that a staggering one-third of consumers say they must replace their passwords every 6 months (31%) due to user errors such as misplacement or forgetting their password, and 34% of consumers globally are open to using a passwordless login option if it were as or more secure than using a password.

As cybercriminals continue targeting antiquated login options to gain unauthorized access into systems, IT departments must take measures to bolster protection – with 2024 being the year when the risks associated with passwords are completely eliminated across the enterprise. Next year, enterprise leaders will make the leap towards increased adoption of passwordless authentication, to not only safeguard business, but meet users’ heightened demands related to digital experience and security.”

And a shift away from traditional passwords in favour of decentralized identity solutions may not be far away. According to Alex Ryals, VP Channel Sales, Ping Identity: “As more companies and organizations shift away from conventional – and antiquated – authentication methods, we will see decentralized identity become more prevalent. This transition will be spurred by local and national government agencies as they grapple with the increased volume of credential and identity-based attacks. China’s successful breach of government systems this year was likely a turning point in governments taking stronger actions to prevent future threats. I expect to see both federal agencies and eventually state and local organizations adopt decentralized identity to better allow users to manage their own credentials and entitlements to various required services.”

Focus on Responsible Artificial Intelligence Adoption and Use
Artificial intelligence (AI) has become the buzzword of 2023, with investments in the technology on the rise within the broader Asia Pacific region. AI is to continue its growth trajectory within Southeast Asia in 2024, where the region’s companies are poised to invest 67% more in technology and machine learning in 2023 than compared to the previous year according to an IDC report.

According to John Cannava, CIO, Ping Identity: “Artificial intelligence has infiltrated the workforce at an unprecedented rate, adding greater IT complexity to today’s hybrid work model. To date, CIOs have played an important role in implementing emerging technology within organizations in a secure, effective and efficient manner. But in 2024, CIOs will become AI leaders, collaborating closely with the CISO, CHRO and Legal to ensure continued secure and ethical use of AI in internal processes and external innovations.

We’ll also see the emergence of new C-suite roles, like the Chief AI Officer, who will partner with CIOs to ensure AI adoption continues to grow and emerging regulations are adhered to across the enterprise.”

Artificial Intelligence Misused for Cybercrime
However, the generative potential of AI also holds the potential to be misused for cybercrime.

According to Alex Ryals, VP Channel Sales, Ping Identity: “In 2024, AI-based fraud will accelerate exponentially and cause users to question the validity and integrity of multimedia like video, images, and audio files. While more fraudulent activity poses new challenges, it is likely that it will also lead to more innovative technology and practices in content verification and validation. Threat actors are constantly innovating to overcome security measures and be successful, and security teams will need to continue to do the same. To do so, existing technologies will have to continually evolve to stay ahead of the fraud-curve. Next year will likely demonstrate how companies will expand partnerships and collaborate to deliver best-in-class technology for evolving challenges.”

Deepfakes and Disinformation as a Growing Threat to Cybersecurity and Digital Identity
While Southeast Asia’s booming digital economy creates a plethora of tech-powered growth opportunities, it has given rise to safety and privacy risks – such as those driven by AI – that are vital to address in order to retain consumer trust. One such area, as identified by Accenture, is advancements in deepfake technologies that can increase risk related to fraud, hacking, and malicious behaviour.

According to Alex Laurie, SVP Global Sales Engineering, Ping Identity: “In 2024, our trust will be challenged in ways we haven’t faced before as the names, faces and voices of those people closest to us are used against us. We have seen the proliferation of artificial intelligence this past year, which has brought with it a rise in deep fake scams and an increase in fraudulent activity.

Deepfake technology that impersonates a person’s likeness both through audio and visual means is only going to become more authentic, and therefore harder to detect by the average consumer. This is especially true for the digitally vulnerable people within the population, such as the elderly who may not have as much experience dealing with sophisticated scams, as well as those in lower-income households who might be looking to sales to make an essential purchase and in their haste, may make the wrong decision as in-fact a link is malicious in nature pointing to a fake website or service.

We must remain vigilant to these advanced scams, which we can do by challenging our normal level of trust. Always double-check that what you’re taking action on is real by contacting the verified organisation or known person that it came from and help raise awareness of these scams by calling them out publicly to increase education.”

Enhancing Safety and Resilience in Southeast Asia’s Digital Economy
Southeast Asia is at an inflexion point in its digital journey. As 2024 beckons, ignoring cybersecurity is not an option, but a gamble with the region’s future.

Managed well, Southeast Asia’s digital transformation may very well continue to drive its economic prosperity for years to come, enabling the region’s organisations to harness the technology for sustainable growth. Doing so requires concerted efforts from both public and private stakeholders to address cybersecurity gaps, which include risks related to traditional passwords, digital identity fraud, and misuse of AI.